Releases: fermitools/htgettoken
Releases · fermitools/htgettoken
Release list
v1.4
- Add --vaulttokenminttl option.
- Add --web-open-command option, and default it to xdg-open only when $SSH_CLIENT is not set.
- Send the extra 'server' parameter recognized by htvault-config >= 1.5 when --secretpath=secret/oauth/creds/%issuer/%credkey:%role, to use shared vault secrets instance (will be default later).
- Use the new pyinstaller 4.5 exclude_system_libraries() function instead of the previous hack to exclude system libraries from being bundled.
v1.3
- Add --kerbprincipal option
- Change the default kerbpath to include issuer and role
- Limit oidc polling to 2 minutes
- Disable oidc authentication when running in the background, that is, when none of stdin, stdout, or stderr are on a tty
- Document that audience can be a comma or space separated list
- Updated pip-installed dependent packages to latest versions
v1.2
v1.1
- Integrate with htcondor, including these changes:
- Change --authpath option name to --oidcpath.
- Add --noidc option.
- Add --vaulttokenttl option.
- Make --vaulttokenfile default to /dev/stdout if the ttl is more than a million seconds, and also require it to start with /dev/std or /dev/fd if the ttl is more than a million seconds.
- Add --vaulttokeninfile option.
- Add --nobearertoken option.
- Add --showbearerurl option.
- Send progress output to stderr if --vaulttokenfile is /dev/stdout or --showbearerurl option is enabled.
- Use a separate version number for the python library downloads tarball.
v1.0
- Add --credkey option.
- Add --vaultalias option.
- Add --nokerberos and --kerbpath options.
- Change the name of the --vaultrole option to --role; the short name -r remains unchanged.
- Fill out the man page and add a html version of it to the source, generated by a Makefile.
Version 0.5
- Set BROWSER variable to prevent xdg-open from running lynx, which hangs.
Version 0.4
- Support the new poll api in addition to the old device_wait api when waiting for authorization response
- Use colon as separator in default secret path instead of hyphen
- Add --scopes and --audience options
- Implement the --minsecs option (was present before but didn't work)
- Stop reading old bearer token and remove use of jwt package
Version 0.3
- Avoid including standard system libraries with pyinstaller
- Increase timeout on web browser interaction to 5 minutes
- Set up the interrupt signal to kill the program
- Add BuildRequires for openssl-devel and swig
- Remove confusing code for setting default cafile on RHEL and make setting
the Debian default more clear
Version 0.2
- Allow for missing xdg-open
- Add some missing "Exception as e" clauses
- Create configdir if missing when needed
- Change from jwt pip package to pyjwt, and disable verify_aud
Initial pre-release
This is the first htgettoken pre-release, supporting oidc device flow & kerberos flow with vault. The binary rpm was built on CentOS7 but works also on CentOS8.